The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hybrid View

Which version of PHP for mass distribution

I am planning to write an application that I will make commercially available for others to download and install on their own servers for use.

While researching on the web, I read that Php 4 has some security issues ( sql injection etc.), and PHP 5 is OO and better, but my real concern is that others should be able to download and use it.

Which version of PHP is more appropriate - PHP 4, 4.1 or 5. I don't want to be in a situation that I write it as a OO application in PHP 5 and then it may not run for those people running PHP 4 on their shared hosting servers.

So my question is - how is the adoption of PHP 5. Do you all see most people using PHP 5 or still PHP 4. What's the trend and what is the direction.

Today it is exactly three years ago since PHP 5 has been released. In those three years it has seen many improvements over PHP 4. PHP 5 is fast, stable & production-ready and as PHP 6 is on the way, PHP 4 will be discontinued.

The PHP development team hereby announces that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Please use the rest of this year to make your application suitable to run on PHP 5.

For documentation on migration for PHP 4 to PHP 5, we would like to point you to our migration guide. There is additional information available in the PHP 5.0 to PHP 5.1 and PHP 5.1 to PHP 5.2 migration guides as well.

As true as that is, you have to take into consideration that if you plan on making something widely available, you WILL end up with people running PHP 4 past the date it stops being supported.

There are PLENTY of organizations jumping on the "Go PHP 5" project and I am currently undecided, but you can't ignore the fact that past that date, you'll still have people on PHP 4 and if you make your PHP incompatible, you'll lose sales.

Up to each person/company to determine if it's worth it. Going PHP 5 allows you to add plenty of extended functionality

PHP 4 end of life has been announced. There are still MANY people with PHP 4. I think the choice is on what you are developing. If it is non-OO and can be done with a stable version of PHP 4 then focus on that. It will most certainly run easily with PHP 5 too, but people with PHP 4 will at least not have to upgrade.

If your app is using PHP 5 specific stuff (simpleXML, better OO?) then you have to keep in mind some users may have problems.

This is a constant confusion... sometime soon PHP 6 will be out and you will have more confusion. Just declare which is the minimum stable version that will work and that should keep users happy.

People don't update because they want to, they update because they have to.

Updating sucks, people who buy commercial software hate doing it & will put it off as long as nothing requires them to do it.
People who buy commercial software will also move to equipment that supports your requirements, if the software is worth buying to begin with that is.

Firstly SQL Injections can occur with any version of PHP. It's dead easy to take un-validated user input in PHP5 and send it to a database. Developers must protect against this.

To answer your main question, yes, if maximum compatibility is a priority then supporting PHP4 will give your app a lower barrier to installation.
If you decide to support PHP4 you should definitely also support PHP5.

Personally I don't write for PHP4 anymore. I want PHP to progress and improve, and the longer it stays easy for people and hosts to keep PHP4 the worse off the "community" (hate that word) will be.

PHP5 installations will continue to grow, it just takes a bit of a long term view to be willing to cut-out the PHP4 users.